last executing test programs: 718.228239ms ago: executing program 0 (id=1): mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYRES64=r3], &(0x7f0000000400), 0x6a}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='ext4_begin_ordered_truncate\x00', r4}, 0x10) r5 = open(&(0x7f0000000100)='.\x00', 0x555502, 0x0) dup3(0xffffffffffffffff, r5, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) 620.456304ms ago: executing program 1 (id=2): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00'}, 0x10) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x2000}, &(0x7f0000c57000), 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4}, 0x48) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newtaction={0x6c, 0x30, 0x1, 0x0, 0x0, {}, [{0x58, 0x1, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PARMS={0x1c, 0x2, {{}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) open(&(0x7f0000000380)='./file2\x00', 0x14507e, 0x0) 207.175188ms ago: executing program 2 (id=3): timer_create(0x9, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x77359400}, {0x0, 0x9}}, 0x0) timer_gettime(0x0, &(0x7f0000000040)) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f00000001c0), 0x81, 0x79e, &(0x7f00000018c0)="$eJzs3ctrXGUbAPDnTG5N2u9LPvhA6yogaKB0YmpsFVxUXIhgoaBr2zCZhjaTTMlMShMCbRHBjaDFhaCb7gQvdefWy1b/CxfSUmwajLiQkTOZaSfNTDppbo35/eC07zvnTJ73OZf3vDPnMCeAfWsw/ScTcTgiPkoi+muvJxHRVS11RpxcWW55cSGXTklUKm//nlSXWVpcyEXDe1IHa5WnI+LH9yOOZNbGLc3NT44VCvmZWn24PHVxuDQ3f/T81NhEfiI/fXxkdPTYiZdOHN+6XP/4Zf7Q7Y/feP6bk3+999TND39K4mQcqs1rzGOrDMZgbZ10patwlde3OtguS9aZd2AH28HGpIdmx8pRHoejPzqqpRZ6d7JlAMB2uRIRFQBgn0mc/wFgn6l/D7C0uJCrT+t8XbDOxYG96c5rKxeolmrXNpfv599Zu2Z3oHodtG8pWZV8EhEDWxB/MCI+/+7dr9Iptuk6JEAzV69FxNmBwbX9f7LmnoWNeqGNZQYfqjf0f92bDA88wvfp+OflZuO/zP3xTzQZ//Q0OXYfxzrHf03m1haEaSkd/73acG/bckP+NQMdtdp/qmO+ruTc+UI+7dv+GxFD0dWT1kfWiTF07+97reY1jv/uXr+Q9nm5u9cvfPlgicytzp7V7xkfK49tJudGd65FPNPZLP96/79yD1uz8e/pNmO8+coHn7Wal+af5luf0vir899elRsRzzXd/g/uaEvWvT9xuLo7DNd3iia+/fXTvlbxG7d/OqXx658FdkK6/fvWz38gabxfs7TxGD/f6P+h1bxH5998/+9O3qmW64OEy2Pl8sxIRHfy1trXjz14b71eXz7Nf+jZ7qbHf73/a7b/p58Jz7aZf+fta18/fv7bK81/fEPbf+OFm8uTHa3it7f9R6ulodor7fR/7TZwM+sOAAAAAAAAAAAAAAAAAAAAAAAAANqViYhDkWSy98uZTDa78gzv/0dfplAslY+cK85Oj0f1WdkD0ZWp/9Rlf8PvoY7Ufg+/Xj/2UP3FiPhfRHzS01utZ3PFwvhuJw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANQdbPP8/9VvPbrcOANg2B3a7AQDAjnP+B4D9Z2Pn/95tawcAsHN8/geA/cf5HwD2H+d/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAttnpU6fSqfLn4kIurY9fmpudLF46Op4vTWanZnPZXHHmYnaiWJwo5LO54lTLP3R15b9CsXhxNKZnLw+X86XycGlu/sxUcXa6fOb81NhE/ky+a8cyAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID2lebmJ8cKhfzMnilUKpUrT0Az/g2FjtpO8KS0Z88VMptYdV/sduMfUWjsJXp3p3MCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AP+CQAA//+qiiUU") open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1081000, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast1}, 0x18) open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x50, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600016, 0x15) r1 = open(&(0x7f0000000080)='./bus\x00', 0x181102, 0x0) ioctl$BLKDISCARD(r1, 0x1277, &(0x7f00000000c0)) 113.823833ms ago: executing program 3 (id=4): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='comm\x00') write$UHID_SET_REPORT_REPLY(r0, 0x0, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc29c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r1, 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r4 = dup3(r3, r2, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r6, &(0x7f0000000200)=0x1, 0x12) write$cgroup_pid(r6, &(0x7f0000000080), 0x12) write$cgroup_int(r6, &(0x7f0000000100)=0x1, 0x12) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000280)={@flat=@weak_handle, @ptr={0x70742a85, 0x0, &(0x7f0000000900)=""/206, 0xce}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0xfffffffffffffffc}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) socket$inet6_tcp(0xa, 0x1, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r8, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) sendmsg$nl_route(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000640)=ANY=[@ANYBLOB="0c010000110021040400"/20, @ANYRES32, @ANYBLOB="01000000000000001400030073797a5f74756e"], 0x10c}}, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x9b, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x89, 0x2, 0x1, 0x9, 0x0, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x7, 0x24, 0x6, 0x0, 0x1, "5dcc"}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0xfffff4bc, 0x7, 0x0, 0x2}, {0x6, 0x24, 0x1a, 0x6bb2, 0x8}, [@network_terminal={0x7, 0x24, 0xa, 0x3f, 0x20, 0x0, 0x6}, @dmm={0x7, 0x24, 0x14, 0xfc9, 0x7fff}, @acm={0x4, 0x24, 0x2, 0xa}, @country_functional={0x8, 0x24, 0x7, 0x40, 0x401, [0x67ce]}, @mbim={0xc, 0x24, 0x1b, 0x101, 0x401, 0x6f, 0xff, 0x6, 0x49}, @obex={0x5, 0x24, 0x15, 0x8}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x0, 0xfb, 0x1}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x10, 0x9, 0x7, 0x3f}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x9, 0x7f, 0xc6}}}}}}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x310, 0x40, 0x40, 0x80, 0xf7, 0x7f}, 0x44, &(0x7f00000001c0)={0x5, 0xf, 0x44, 0x3, [@ssp_cap={0x10, 0x10, 0xa, 0x6, 0x1, 0x6, 0xf000, 0xb9, [0xffc030]}, @wireless={0xb, 0x10, 0x1, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1}, @ssp_cap={0x24, 0x10, 0xa, 0xae, 0x6, 0x1, 0xf00, 0x0, [0x16010, 0x3f00, 0xc000, 0xc00f, 0xff00f0, 0x0]}]}, 0x3, [{0x35, &(0x7f0000000240)=ANY=[@ANYBLOB="35031b80ecf409f193f1e2fbdfe89ff51bd065e9222b58b69cc16ba3146e1f36d23b1209931765bf1a1525909e7f32c732461bdc58"]}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0xc6e}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x807}}]}) syz_usb_control_io$hid(r1, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0022050000000017115c3d"], 0x0}, 0x0) 52.806822ms ago: executing program 2 (id=6): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_usb_disconnect(r0) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x2, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) connect$unix(r3, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r3, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1}) ioctl$TUNSETLINK(r4, 0x800454d7, 0x0) ppoll(&(0x7f00000002c0)=[{r2, 0x9004}, {r1}], 0x2, 0x0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) close(r1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000080001c1e977c1700000002000000000000000200000d000000000000000005000000000000000100002100005b974144e77e7627b1d96045a396e49d28b7c41b695af2c381e800d1a679cef5d4240dbead2fda101f355fbf56dbb2c2d7b2500caf14506130d85db7fbef86b3"], 0x0, 0x36}, 0x20) 0s ago: executing program 4 (id=5): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xb) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x27d, 0x0, 0x0, 0x41100, 0x84}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, r0, 0x0, 0x5}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3], 0x0}, 0x90) r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="180000b67700300000000000080000009b82100000000000850000009a00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000000000008500000086000000057a0001f0ffffff185400000c0000000000000000000000852000000500000085100000ffffffff9500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x81, 0xf3, &(0x7f0000000800)=""/243, 0x41000, 0x36, '\x00', 0x0, 0x1a, r0, 0x8, &(0x7f0000000980)={0x1, 0x4}, 0x8, 0x10, &(0x7f00000009c0)={0x4, 0x0, 0x0, 0x7}, 0x10, 0x1e461, r0, 0x7, &(0x7f0000000a00)=[r1, r1, r0, r0, r1, r0], &(0x7f0000000b00)=[{0x3, 0x80000001, 0xb}, {0x4, 0x1, 0x6, 0x5}, {0x1, 0x4, 0x5, 0x2}, {0x0, 0x4, 0x10, 0x6}, {0x0, 0x2, 0xe, 0x8}, {0x1, 0x4, 0xf, 0x7}, {0x0, 0x2, 0xd, 0x8}], 0x10, 0x8000}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r4, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x62, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x2e, &(0x7f0000000400), 0x0, 0x10, &(0x7f00000001c0), 0x0, 0x0, 0x27, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001140)={&(0x7f0000001080)=ANY=[@ANYBLOB="9feb010018000000000000002400000034000000090000000000000000000003000000000200000003000000000000000c0000000000000a050000000000612e2e61613f00"], &(0x7f0000001100)=""/43, 0x45, 0x2b, 0x1, 0x5}, 0x20) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="8c004100", @ANYRES16=r7, @ANYBLOB="01002cbd700000000000050000000800050000000000700003806a000400f235c7f7a787d5055fe282b29e161f72a4f353845f000216631df46c0200e1c0271be010f7e4c28b454b7ba655dee2b53b70a46f5b666e5957f14e82a7252e868231a7cf5dd7db6d93ce5da865961066dc9c7c78971f861425a941522cf77e8cb26c788888990000"], 0x8c}}, 0x2404000c) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, r2, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000080)='ext4_es_insert_delayed_block\x00', r8}, 0x10) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r12, 0x4048ae9b, &(0x7f0000000300)={0xe0001, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}) ioctl$KVM_RUN(r12, 0xae80, 0x0) write$cgroup_type(r9, &(0x7f0000000180), 0x2009) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="7573656f090000006e6f75736572786174f4522c6e00000000000000"], 0x3, 0x1b1, &(0x7f0000000380)="$eJzsmM1LG0EYxp+Z3WxIT+21FFpooOmhm91NWwql0Jxy6KXQD/EiBrOG6MZIsgcTEOLRk3+Df4J4Fw9evQleVRC8ePS8MrOjOxrzISRB8P0d3jwz82Y+3t08AwFBEM+Ws9Ork/XN81cc6GaQRVr1XxhJDtfymzu/cm8OS+7e3MH3493S0f353gGIotHXF3PvFw2Eqh1Fd7+dVZ9/wZFFRup/4Pio+mfAYCs9D47/SvtgmFV6SdMNkW/bi7XAtxcaQUUIRwRXBE+Egr6+CeByg6Gi7Y9p4612Z7kcBH6zV1j9hx4nBtVP7q/I8QOI1COL9Od1UxtH1i/GBYerdAEMf5T+hrSqDe85/2szOb8x2vnHKVLi1RuUszW51U1M4YAkhgh0Y5FGMsSn9fpNRojfzxPYxoRE4h/RNsMHzT9NzT/yYX31Z6vd+VSrl6t+1V/xvMJX57PjfPHy0pvjOMD/MtKfXmjzp/rkWszCWjkMm24cb9teHB9yXEv6H0fufdxmqk9H3gcvmbj6kDNUmyAIgiAIgiAIgiAIgiAIYuy8BZP/gg7B+y2zrwMAAP//Ub9tHw==") r13 = syz_open_procfs(0x0, &(0x7f0000002380)='mounts\x00') read$FUSE(r13, &(0x7f0000003f80)={0x2020}, 0x2020) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904000001c5b3e30009050b"], 0x0) kernel console output (not intermixed with test programs): [ 5.254451][ T161] udevd (161) used greatest stack depth: 24344 bytes left [ 6.049271][ T184] dbus-daemon (184) used greatest stack depth: 24184 bytes left [ 6.162563][ T194] ip (194) used greatest stack depth: 23672 bytes left [ 8.983402][ T172] udevd (172) used greatest stack depth: 22072 bytes left [ 14.338901][ T23] kauditd_printk_skb: 50 callbacks suppressed [ 14.338910][ T23] audit: type=1400 audit(1719288408.010:61): avc: denied { transition } for pid=287 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.343199][ T23] audit: type=1400 audit(1719288408.010:62): avc: denied { noatsecure } for pid=287 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.346244][ T23] audit: type=1400 audit(1719288408.020:63): avc: denied { write } for pid=287 comm="sh" path="pipe:[10606]" dev="pipefs" ino=10606 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 14.349677][ T23] audit: type=1400 audit(1719288408.020:64): avc: denied { rlimitinh } for pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.352378][ T23] audit: type=1400 audit(1719288408.020:65): avc: denied { siginh } for pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.141' (ED25519) to the list of known hosts. [ 20.430248][ T23] audit: type=1400 audit(1719288414.110:66): avc: denied { mounton } for pid=341 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.431643][ T341] cgroup1: Unknown subsys name 'net' [ 20.452720][ T23] audit: type=1400 audit(1719288414.110:67): avc: denied { mount } for pid=341 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.457950][ T341] cgroup1: Unknown subsys name 'net_prio' [ 20.485355][ T341] cgroup1: Unknown subsys name 'devices' [ 20.491563][ T23] audit: type=1400 audit(1719288414.170:68): avc: denied { unmount } for pid=341 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.661832][ T341] cgroup1: Unknown subsys name 'hugetlb' [ 20.667455][ T341] cgroup1: Unknown subsys name 'rlimit' [ 20.800225][ T23] audit: type=1400 audit(1719288414.480:69): avc: denied { setattr } for pid=341 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.823289][ T23] audit: type=1400 audit(1719288414.480:70): avc: denied { mounton } for pid=341 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.847932][ T23] audit: type=1400 audit(1719288414.480:71): avc: denied { mount } for pid=341 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 20.853669][ T343] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 20.879460][ T23] audit: type=1400 audit(1719288414.560:72): avc: denied { relabelto } for pid=343 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.904724][ T23] audit: type=1400 audit(1719288414.560:73): avc: denied { write } for pid=343 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.933239][ T23] audit: type=1400 audit(1719288414.610:74): avc: denied { read } for pid=341 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.958925][ T23] audit: type=1400 audit(1719288414.610:75): avc: denied { open } for pid=341 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.984828][ T341] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.215950][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.222829][ T350] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.230278][ T350] device bridge_slave_0 entered promiscuous mode [ 21.238750][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.245610][ T350] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.252861][ T350] device bridge_slave_1 entered promiscuous mode [ 21.351544][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.358376][ T351] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.365835][ T351] device bridge_slave_0 entered promiscuous mode [ 21.372745][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.379584][ T351] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.387016][ T351] device bridge_slave_1 entered promiscuous mode [ 21.453178][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.460273][ T353] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.467588][ T353] device bridge_slave_0 entered promiscuous mode [ 21.477708][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.484635][ T353] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.491829][ T353] device bridge_slave_1 entered promiscuous mode [ 21.540812][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.547630][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.554955][ T352] device bridge_slave_0 entered promiscuous mode [ 21.590026][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.596847][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.604224][ T352] device bridge_slave_1 entered promiscuous mode [ 21.626997][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.633862][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.641127][ T354] device bridge_slave_0 entered promiscuous mode [ 21.647784][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.654663][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.661965][ T354] device bridge_slave_1 entered promiscuous mode [ 21.718674][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.725515][ T351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.732637][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.739402][ T351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.747253][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.754095][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.761212][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.767965][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.860103][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.866933][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.874093][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.880835][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.901518][ T74] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.908597][ T74] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.915754][ T74] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.922850][ T74] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.930168][ T74] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.937090][ T74] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.944933][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.952156][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.971857][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.979923][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.986727][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.999493][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.007074][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.015548][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.022390][ T355] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.029644][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.037552][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.044294][ T355] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.060657][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.068592][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.075431][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.113524][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.121764][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.129674][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.137796][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.183849][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.193855][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.202083][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.225588][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.233524][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.241666][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.248473][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.256101][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.264041][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.270863][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.278142][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.285984][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.293851][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.301635][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.309649][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.316452][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.323649][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.330874][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.338116][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 22.360346][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.368514][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.376802][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.383636][ T373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.391254][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.399592][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.407618][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.415753][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.423809][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.430631][ T373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.437838][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.446226][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.454287][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.461102][ T373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.468217][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.476295][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.484365][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.492424][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.500599][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 22.528230][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.536362][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.546695][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.554712][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.562605][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.570737][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.578534][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.586886][ T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.641543][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.650752][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.658794][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.666957][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.676137][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.684214][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.863701][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.871956][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.880207][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.888163][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.914259][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.922376][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.930251][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.938169][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.946333][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.954414][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.962635][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.970736][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.978795][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.987029][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.995445][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.003605][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.020465][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.028113][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.045118][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.059628][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.082506][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.091279][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.099952][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.108151][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.116415][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.127835][ T384] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 23.151572][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.164346][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.174541][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.183645][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.190617][ T351] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.192433][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.207419][ T351] EXT4-fs error (device loop2): __ext4_iget:5217: inode #13: block 127754: comm syz-executor: invalid block [ 23.214425][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.226013][ T351] EXT4-fs error (device loop2): __ext4_iget:5217: inode #13: block 127754: comm syz-executor: invalid block [ 23.283230][ T386] ------------[ cut here ]------------ [ 23.288491][ T386] kernel BUG at fs/buffer.c:3027! [ 23.294095][ T386] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 23.299962][ T386] CPU: 0 PID: 386 Comm: kmmpd-loop2 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 23.309677][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 23.319596][ T386] RIP: 0010:submit_bh_wbc+0x831/0x850 [ 23.324786][ T386] Code: 10 80 e1 07 80 c1 03 38 c1 0f 8c 14 fe ff ff 48 8b 7c 24 10 e8 00 8d ea ff e9 05 fe ff ff e8 f6 a7 ba ff 0f 0b e8 ef a7 ba ff <0f> 0b e8 e8 a7 ba ff 0f 0b e8 e1 a7 ba ff 0f 0b e8 da a7 ba ff 0f [ 23.344248][ T386] RSP: 0018:ffff8881d8a4fbf0 EFLAGS: 00010293 [ 23.350121][ T386] RAX: ffffffff81a99431 RBX: 0000000000000000 RCX: ffff8881f3cdbf00 [ 23.357932][ T386] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 23.365745][ T386] RBP: 0000000000003800 R08: ffffffff81a98ca4 R09: ffffed103d3455cf [ 23.373554][ T386] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 23.381371][ T386] R13: ffff8881e9a2ae70 R14: 0000000000000001 R15: 0000000000000000 [ 23.389180][ T386] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 23.397946][ T386] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.404368][ T386] CR2: 0000001b31e1cff8 CR3: 00000001dc96d000 CR4: 00000000003406b0 [ 23.412187][ T386] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.419989][ T386] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.427801][ T386] Call Trace: [ 23.430940][ T386] ? __die+0xb4/0x100 [ 23.434747][ T386] ? die+0x26/0x50 [ 23.438306][ T386] ? do_trap+0x1e7/0x340 [ 23.442398][ T386] ? submit_bh_wbc+0x831/0x850 [ 23.446991][ T386] ? submit_bh_wbc+0x831/0x850 [ 23.451587][ T386] ? do_invalid_op+0xfb/0x110 [ 23.456102][ T386] ? submit_bh_wbc+0x831/0x850 [ 23.460712][ T386] ? invalid_op+0x1e/0x30 [ 23.464877][ T386] ? submit_bh_wbc+0xa4/0x850 [ 23.469377][ T386] ? submit_bh_wbc+0x831/0x850 [ 23.473982][ T386] ? submit_bh_wbc+0x831/0x850 [ 23.478581][ T386] ? debug_smp_processor_id+0x20/0x20 [ 23.483787][ T386] ? bit_waitqueue+0x30/0x30 [ 23.488214][ T386] submit_bh+0x21/0x30 [ 23.492129][ T386] write_mmp_block+0x3ff/0x5b0 [ 23.496721][ T386] ? console_conditional_schedule+0x10/0x10 [ 23.502448][ T386] ? read_mmp_block+0x8a0/0x8a0 [ 23.507158][ T386] kmmpd+0x7de/0xa10 [ 23.510874][ T386] ? write_mmp_block+0x5b0/0x5b0 [ 23.515639][ T386] ? __wake_up_locked+0xb7/0x110 [ 23.520424][ T386] ? __kthread_parkme+0xb0/0x1b0 [ 23.525189][ T386] kthread+0x2da/0x360 [ 23.529098][ T386] ? write_mmp_block+0x5b0/0x5b0 [ 23.533878][ T386] ? kthread_blkcg+0xd0/0xd0 [ 23.538294][ T386] ret_from_fork+0x1f/0x30 [ 23.542631][ T386] Modules linked in: [ 23.557325][ T391] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.562598][ T386] ---[ end trace 0837bb3c6605deb2 ]--- [ 23.578382][ T386] RIP: 0010:submit_bh_wbc+0x831/0x850 [ 23.584653][ T386] Code: 10 80 e1 07 80 c1 03 38 c1 0f 8c 14 fe ff ff 48 8b 7c 24 10 e8 00 8d ea ff e9 05 fe ff ff e8 f6 a7 ba ff 0f 0b e8 ef a7 ba ff <0f> 0b e8 e8 a7 ba ff 0f 0b e8 e1 a7 ba ff 0f 0b e8 da a7 ba ff 0f [ 23.605512][ T386] RSP: 0018:ffff8881d8a4fbf0 EFLAGS: 00010293 [ 23.612282][ T386] RAX: ffffffff81a99431 RBX: 0000000000000000 RCX: ffff8881f3cdbf00 [ 23.620318][ T386] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 23.628087][ T386] RBP: 0000000000003800 R08: ffffffff81a98ca4 R09: ffffed103d3455cf [ 23.636387][ T386] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 23.644510][ T386] R13: ffff8881e9a2ae70 R14: 0000000000000001 R15: 0000000000000000 [ 23.657376][ T386] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 23.666586][ T386] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.673847][ T386] CR2: 00007fe61abb7ab8 CR3: 00000001edbd0000 CR4: 00000000003426b0 [ 23.682218][ T386] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.690019][ T386] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.697944][ T386] Kernel panic - not syncing: Fatal exception [ 23.704071][ T386] Kernel Offset: disabled [ 23.708185][ T386] Rebooting in 86400 seconds..